Invisible Yandex SmartCaptcha in Android apps
To embed invisible SmartCaptcha in an Android app:
- Create JavaScript Interface.
- Configure WebView to work with CAPTCHA.
- Handle the event that triggered a CAPTCHA challenge to the user.
- Retrieve the CAPTCHA test results.
Getting started
- Add HTML code to work with SmartCaptcha (or use a ready-made
https://smartcaptcha.yandexcloud.net/webview). - Create a CAPTCHA following this guide.
- Retrieve the CAPTCHA keys. Copy the Client key and Server key field values from the Overview tab of the CAPTCHA you created. You will need the Client key to load web pages using CAPTCHA and the Server key, to get the CAPTCHA test results.
Create a JavaScript Interface
-
Create a class to receive messages using a callback function from your web page with CAPTCHA.
-
Define the methods with
@JavascriptInterfaceannotations:onGetToken(token: String): Web page returns a token for passing CAPTCHA verification.onChallengeVisible(): Opening the CAPTCHA challenge pop-up window.onChallengeHidden(): Closing the CAPTCHA challenge pop-up window.
class WebJsInterface { @JavascriptInterface fun onGetToken(token: String) { //your code } @JavascriptInterface fun onChallengeVisible() { //your code } @JavascriptInterface fun onChallengeHidden() { //your code } }
Configure WebView to work with CAPTCHA
-
Create a WebView and add it to the screen.
-
Upload the URL of the web page with CAPTCHA to the WebView.
-
Add the query parameters to the URL:
val webView = findViewById<WebView>(R.id.webViewCaptcha) webView.loadUrl("URL of the page with CAPTCHA?sitekey=<client_key>&invisible=true")Where:
sitekey: Previously obtained client key.invisible=true: Switching CAPTCHA to invisible mode.
-
Add the created JavaScript Interface object to the WebView. Specify
NativeClientas the second parameter (this is where the web page will send messages using a callback function):settings.javaScriptEnabled = true // Enables Javascript execution addJavascriptInterface(WebJsInterface(), "NativeClient")
Handle the event that triggered a CAPTCHA challenge to the user
-
Specify the WebView display logic using the
onChallengeVisible()method. It is called once the CAPTCHA has shown a challenge to the user. Here is an implementation example of switchingvisibility(while the CAPTCHA was handling an action, the WebView status wasView.GONE):val webView = activity.findViewById<WebView>(R.id.webViewCaptcha) webView.visibility = View.VISIBLE -
Specify the logic for the event when the user fails a CAPTCHA challenge and collapses it. This calls the
onChallengeHidden()method that hides the WebView. Example of the WebView returned to theView.GONEstatus:val webView = activity.findViewById<WebView>(R.id.webViewCaptcha) webView.visibility = View.GONE
Retrieve the CAPTCHA test results
-
Save the token for passing CAPTCHA verification. It is returned in the
onGetToken(token: String)method once the service handles an attempt. -
To validate the token, send a GET request to
https://smartcaptcha.yandexcloud.net/validatewith the following parameters:secret: Server key.token: One-time token received after passing the check.ip: IP address of the user that originated the request to validate the token. This is an optional parameter, but we ask you to provide the user IP when making requests. This helps improve SmartCaptcha performance.
Note
This logic must be implemented on the backend. Make sure the
secretkey does not get to the Android app.Sample request:
https://smartcaptcha.yandexcloud.net/validate?secret=<server_key>&ip=<user_IP>&token=<token> -
Get a server response. It contains a JSON object with the
statusand themessagefields. For example:-
It is a human:
{ "status": "ok", "message": "" } -
It is a robot:
{ "status": "failed", "message": "" }
-
Specifics
Invisible CAPTCHA requires less memory than normal CAPTCHA because it does not load the code that renders the I’m not a robot button.
However, the widget loading time may vary for users. This is why we recommend warning users about the CAPTCHA to avoid any confusion while they are waiting.